What is GAPPSSMTP and How to Set Up a Custom DKIM Key For Your Emails?
GAPPSSMTP stands for Google Apps Simple Mail Transfer Protocol, which is responsible for exchanging email messages securely and swiftly. This is a part of Google Workspace’s suite of tools.
Understanding GAPPSSMTP
Every outgoing message that is sent through the Gmail SMTP server is signed with a default DKIM key to prevent email tampering and verify the sender’s authentication. By default, this key is d=*.gappssmtp.com; however, users can set a manual DKIM record in which different keys are generated for the authentication process.
Please note that this is only for email messages sent from Google; the ones sent from non-Google servers don’t get signed with the default DKIM key.
DKIM Signatures Help Spot Suspicious Messages
Navigate the ‘show details’ drop-down located under the sender’s name column to retrieve the DKIM record linked with the domain from which the potentially phishing message has been dispatched. Check the ‘signed by’ part to verify if it has been sent from an unsecured server.
If you see ‘Gmail,’ then the DKIM record will include the GAPPSSMTP key, which indicates that it was sent from a secure server.
However, emails sent through other Google Apps like Drive, Calendar, Box, etc., don’t have a customer-identified DKIM; hence, they are automatically signed by GAPPSSMTP.
Difference Between GAPPSSMTP and DKIM
GAPPSSMTP | DKIM | |
Purpose | It’s a protocol provided by Google for sending emails through Gmail. | DKIM is a method for validating the authenticity of an email message by associating a domain name with the message. |
Functionality | When you configure your email client or application to use Gmail SMTP settings, it allows you to send emails using your Gmail account through the SMTP protocol. | When an email is sent with DKIM, the sending mail server adds a digital signature to the email header. The receiving mail server can then use the public key published in the sender’s DNS records to verify the signature, confirming that the claimed domain indeed sent the email and that it hasn’t been tampered with during transit. |
Authentication | To use Gmail SMTP, you typically need to provide your Gmail username and password and sometimes enable “less secure app access” in your Google account settings. This ensures that only authorized users can send emails using your Gmail account. | DKIM helps prevent email spoofing and phishing by allowing the recipient’s email server to verify that the claimed sender actually sent the email. |
Configuring a Custom DKIM Key
As aforementioned, emails sent from email service providers other than Google don’t sign outgoing messages using the default DKIM keys. So, you can use the following steps to configure a custom DKIM key:
- Sign in as a super administrator.
- Then turn on Gmail for your domain. It’s recommended to wait for 24-72 hours to have your DKIM record show up. Otherwise, you might encounter the ‘DKIM record not created’ error.
- sign in to your Google Admin console and navigate to Menu > Apps > Google Workspace > Gmail. Next, click on ‘Authenticate Email’ and select the domain for which you want to configure DKIM.
- Navigate to an option where you can produce a new record and configure DKIM key settings, which allows you to select the bit length of keys. Remember, the lengthier the keys, the more challenging it is for hackers to break them.
- Select a prefix. The default one is ‘Google’, which is recommended for use. If your domain already utilizes a DKIM key with the prefix “google,” enter a different prefix in this field.
- Look for the ‘”Generate new record” box and click on ‘Generate.’ On the configuration page, the text string beneath the “TXT record value” section will be updated with a new value, and you will receive a confirmation message stating, “DKIM authentication settings have been updated.”
- Subsequently, proceed to copy the DKIM values and insert the DKIM record into your domain.
Enabling DKIM
Go to your Google Admin console and follow these steps-
- Go to “Menu,” then “Apps,” proceed to “Google Workspace,” and finally select “Gmail.”
- Click on “Authenticate email.”
- From the “Selected domain” dropdown menu, choose the domain for which you wish to enable DKIM.
- Click the “Start authentication” button. Upon successful completion of DKIM setup and proper functionality, the status at the top of the page will change to: “Authenticating email with DKIM.”
Summary
In summary, GAPPSSMTP is about the protocol and settings used for sending emails through Gmail, while DKIM, in combination with SPF and DMARC, provides a robust framework for verifying the authenticity of email messages. Specifically, DKIM ensures the integrity of emails by digitally signing them using a private key. This allows recipients to confirm the signature’s validity using a corresponding public key that is stored in DNS records. When integrated with SPF and DMARC protocols, this enhances the overall security measure, providing a more trustworthy email communication environment. They are complementary in the sense that you can use GAPPSSMTP to send emails, and DKIM can be employed to enhance email authentication and security. Together, they can fortify email-based menaces.